sinfo · PMax5 · Feb 26, 2024 · Feb 25, 2024 · Feb 25, 2024 · Feb 26, 2024
diff --git a/auth/company.js b/auth/company.js
@@ -1,20 +1,16 @@
 module.exports = server => {
   server.auth.strategy('company', 'bearer-access-token', {
-    validate: async (request, token, h) => {
+    validate: async (request, token) => {
       try {
-        let link = await request.server.methods.link.findByToken(token)
+        const link = await request.server.methods.link.findByToken(token)
+        if (!link || !link.valid) return { isValid: false }
 
-        if (link === null || link.valid === false) {
-          return { isValid: false, credentials: token, artifacts: token }
-        }
+        const decoded = await request.server.methods.jwt.verify(token)
+        if (!decoded) return { isValid: false }
 
-        let decoded = await request.server.methods.jwt.verify(token)
-
-        return decoded
-          ? { isValid: true, credentials: decoded, artifacts: token }
-          : { isValid: false, credentials: token, artifacts: token }
+        return { isValid: true, credentials: decoded, artifacts: token }
       } catch (err) {
-        return { isValid: false, credentials: token, artifacts: token }
+        return { isValid: false }
       }
     }
   })

diff --git a/auth/sinfo.js b/auth/sinfo.js
@@ -42,8 +42,10 @@ function authenticate(user) {
 
 module.exports = server => {
   server.auth.strategy('sinfo', 'bearer-access-token', {
-    validate: async (request, token, h) => {
-      return jwt.verify(token)
+    validate: async (request, token) => {
+      const decoded = await jwt.verify(token)
+      if (!decoded) throw Boom.unauthorized('Invalid token')
+      return { isValid: true, credentials: decoded, artifacts: token }
     }
   })
 

diff --git a/helpers/pre.js b/helpers/pre.js
@@ -37,7 +37,7 @@ module.exports.duration = {
     const beginDate = new Date(edition.begin).getTime()
     const endDate = new Date(edition.end).getTime()
 
-    return new Date(endDate - beginDate).getUTCDate() - 1
+    return new Date(endDate - beginDate).getUTCDate()
   },
   assign: 'duration'
 }

diff --git a/plugins/jwt.js b/plugins/jwt.js
@@ -28,12 +28,9 @@ async function generate (data, options) {
 
 async function verify (token) {
   try {
-    const decoded = jwt.verify(token, publicKey)
-    return decoded
-          ? { isValid: true, credentials: decoded, artifacts: token }
-          : { isValid: false, credentials: token, artifacts: token }
+    return jwt.verify(token, publicKey)
   } catch (err) {
-    throw Boom.unauthorized(err)
+    return null
   }
 }
 

diff --git a/routes/company.js b/routes/company.js
@@ -15,7 +15,7 @@ module.exports = [
       description: 'Check token validation',
       handler: async (request, h) => {
         try {
-          const credentials = request.auth.credentials.credentials
+          const credentials = request.auth.credentials
 
           const link = await request.server.methods.link.find({
             companyId: credentials.company,
@@ -103,7 +103,7 @@ module.exports = [
         ]
       ],
       handler: async (request, h) => {
-        const companyId = request.auth.credentials.credentials.company
+        const companyId = request.auth.credentials.company
         const edition = request.pre.edition
 
         let step
@@ -155,7 +155,7 @@ module.exports = [
         ]
       ],
       handler: async (request, h) => {
-        const companyId = request.auth.credentials.credentials.company
+        const companyId = request.auth.credentials.company
         const edition = request.pre.edition
         const info = request.payload.info
         const titles = request.payload.titles
@@ -219,7 +219,7 @@ module.exports = [
         ]
       ],
       handler: async (request, h) => {
-        let companyId = request.auth.credentials.credentials.company
+        let companyId = request.auth.credentials.company
         let stands = request.payload.stands
         let edition = request.pre.edition
         let link = request.pre.link
@@ -323,7 +323,7 @@ module.exports = [
         ]
       ],
       handler: async (request, h) => {
-        const companyId = request.auth.credentials.credentials.company
+        const companyId = request.auth.credentials.company
         const edition = request.pre.edition
         const file = request.pre.file
 
@@ -374,7 +374,7 @@ module.exports = [
         ]
       ],
       handler: async (request, h) => {
-        let companyId = request.auth.credentials.credentials.company
+        let companyId = request.auth.credentials.company
         let edition = request.pre.edition
         let venue = request.pre.venue
 
@@ -412,7 +412,7 @@ module.exports = [
       ],
       handler: async (request, h) => {
         try {
-          const companyId = request.auth.credentials.credentials.company
+          const companyId = request.auth.credentials.company
           const edition = request.pre.edition
           const latest = request.query.latest
 

diff --git a/routes/link.js b/routes/link.js
@@ -69,11 +69,8 @@ module.exports = [
           const links = await request.server.methods.link.find({ valid: true })
 
           for (const link of links) {
-            const token = await request.server.methods.jwt.verify(link.token)
-
-            if (token === null || token.exp * 1000 - new Date().getTime() <= 0) {
-              await request.server.methods.link.revoke(link.companyId, link.edition)
-            }
+            const decoded = await request.server.methods.jwt.verify(link.token)
+            if (!decoded) await request.server.methods.link.revoke(link.companyId, link.edition)
           }
 
           const result = await request.server.methods.link.find({ edition: edition })
@@ -125,16 +122,13 @@ module.exports = [
             return Boom.resourceGone('Link not valid')
           }
 
-          const token = await request.server.methods.jwt.verify(link[0].token)
-
-          if (token && token.credentials.exp * 1000 - new Date().getTime() <= 0) {
+          const decoded = await request.server.methods.jwt.verify(link[0].token)
+          if (!decoded)  {
             await request.server.methods.link.revoke(companyId, edition)
             return Boom.resourceGone('Token expired')
           }
 
-          return token === null
-            ? Boom.resourceGone('Token expired')
-            : { expirationDate: new Date(token.credentials.exp * 1000).toJSON() }
+          return { expirationDate: new Date(decoded.exp * 1000).toJSON() }
         } catch (err) {
           logger.error({ info: request.info, error: err })
           return Boom.boomify(err)

diff --git a/test/link.js b/test/link.js
@@ -592,8 +592,8 @@ describe('link', async function () {
       expect(response.statusCode).to.eql(200)
 
       // check if response token is correct (exp is in seconds)
-      const token = await server.methods.jwt.verify(response.result.token)
-      expect(token.exp).to.eql(Math.floor(expirationDate / 1000))
+      const decoded = await server.methods.jwt.verify(response.result.token)
+      expect(decoded.exp).to.eql(Math.floor(expirationDate / 1000))
 
       // apart from the token link should remain the same (but now valid)
       Object.keys(response.result).forEach(key => {